Advanced attacks are designed to evade traditional prevention and detection techniques. Network Detection and Response (NDR) solutions provide a sound method for identifying threats traversing the network as well as cloud traffic. One key attribute of Network Detection and Response solutions is coverage across all ports and protocols to ensure full visibility.
Network Detection and Response solutions leverage a multitude of detection techniques, including supervised and unsupervised machine-learning techniques, deep packet and deep session inspection, malware detection, sandboxing, asset inventory, and more.
Beyond detection, organizations also use NDR solutions to help investigate and mitigate an incident. To this end, Network Detection and Response tools that are integrated with endpoint detection and response solutions can offer substantial improvements in speeding alert investigation and resolution. A good example of this is automatically validating that a threat detected in network traffic has in fact compromised one or more endpoints in the environment, and then automatically taking an action, such as isolating the impacted endpoints from the network.
Network Detection and Response solutions can also collect and store rich metadata that can be easily searched for deeper investigation and hunting efforts. The value of the metadata is that it is easy to query, facilitates faster investigations and is much more cost-effective than storing full PCAPs.